{"id":"https://openalex.org/W4221055863","doi":"https://doi.org/10.1145/3492321.3519566","title":"Hybrid anomaly detection and prioritization for network logs at cloud scale","display_name":"Hybrid anomaly detection and prioritization for network logs at cloud scale","publication_year":2022,"publication_date":"2022-03-28","ids":{"openalex":"https://openalex.org/W4221055863","doi":"https://doi.org/10.1145/3492321.3519566"},"language":"en","primary_location":{"id":"doi:10.1145/3492321.3519566","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3492321.3519566","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Seventeenth European Conference on Computer Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5076963241","display_name":"David Ohana","orcid":"https://orcid.org/0000-0001-9300-5879"},"institutions":[{"id":"https://openalex.org/I4210167297","display_name":"IBM Research - Haifa","ror":"https://ror.org/05rw9t746","country_code":"IL","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115","https://openalex.org/I4210167297"]}],"countries":["IL"],"is_corresponding":true,"raw_author_name":"David Ohana","raw_affiliation_strings":["IBM Research, Haifa, Israel"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"IBM Research, Haifa, Israel","institution_ids":["https://openalex.org/I4210167297"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066452781","display_name":"Bruno Wassermann","orcid":"https://orcid.org/0000-0003-2584-2629"},"institutions":[{"id":"https://openalex.org/I4210167297","display_name":"IBM Research - Haifa","ror":"https://ror.org/05rw9t746","country_code":"IL","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115","https://openalex.org/I4210167297"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Bruno Wassermann","raw_affiliation_strings":["IBM Research, Haifa, Israel"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"IBM Research, Haifa, Israel","institution_ids":["https://openalex.org/I4210167297"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103202133","display_name":"Nicolas Dupuis","orcid":"https://orcid.org/0000-0002-5813-8323"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Nicolas Dupuis","raw_affiliation_strings":["IBM Research"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"IBM Research","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048483632","display_name":"Elliot K. Kolodner","orcid":null},"institutions":[{"id":"https://openalex.org/I4210167297","display_name":"IBM Research - Haifa","ror":"https://ror.org/05rw9t746","country_code":"IL","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115","https://openalex.org/I4210167297"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Elliot Kolodner","raw_affiliation_strings":["IBM Research, Haifa, Israel"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"IBM Research, Haifa, Israel","institution_ids":["https://openalex.org/I4210167297"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066787561","display_name":"Eran Raichstein","orcid":"https://orcid.org/0000-0001-7962-4876"},"institutions":[{"id":"https://openalex.org/I4210167297","display_name":"IBM Research - Haifa","ror":"https://ror.org/05rw9t746","country_code":"IL","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115","https://openalex.org/I4210167297"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Eran Raichstein","raw_affiliation_strings":["IBM Research, Haifa, Israel"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"IBM Research, Haifa, Israel","institution_ids":["https://openalex.org/I4210167297"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5020331597","display_name":"Michal Malka","orcid":"https://orcid.org/0000-0001-8215-7682"},"institutions":[{"id":"https://openalex.org/I4210167297","display_name":"IBM Research - Haifa","ror":"https://ror.org/05rw9t746","country_code":"IL","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115","https://openalex.org/I4210167297"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Michal Malka","raw_affiliation_strings":["IBM Research, Haifa, Israel"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"IBM Research, Haifa, Israel","institution_ids":["https://openalex.org/I4210167297"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5076963241"],"corresponding_institution_ids":["https://openalex.org/I4210167297"],"apc_list":null,"apc_paid":null,"fwci":0.7129,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.70777373,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"236","last_page":"250"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9950000047683716,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7775481939315796},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.7052305936813354},{"id":"https://openalex.org/keywords/observability","display_name":"Observability","score":0.6557415127754211},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.6414122581481934},{"id":"https://openalex.org/keywords/heuristics","display_name":"Heuristics","score":0.5472695827484131},{"id":"https://openalex.org/keywords/reliability","display_name":"Reliability (semiconductor)","score":0.501234769821167},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.491115540266037},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.48949134349823},{"id":"https://openalex.org/keywords/ibm","display_name":"IBM","score":0.44653406739234924},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.4396291673183441},{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.42298081517219543},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3983156979084015},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.38991081714630127}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7775481939315796},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.7052305936813354},{"id":"https://openalex.org/C36299963","wikidata":"https://www.wikidata.org/wiki/Q1369844","display_name":"Observability","level":2,"score":0.6557415127754211},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.6414122581481934},{"id":"https://openalex.org/C127705205","wikidata":"https://www.wikidata.org/wiki/Q5748245","display_name":"Heuristics","level":2,"score":0.5472695827484131},{"id":"https://openalex.org/C43214815","wikidata":"https://www.wikidata.org/wiki/Q7310987","display_name":"Reliability (semiconductor)","level":3,"score":0.501234769821167},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.491115540266037},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.48949134349823},{"id":"https://openalex.org/C70388272","wikidata":"https://www.wikidata.org/wiki/Q5968558","display_name":"IBM","level":2,"score":0.44653406739234924},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.4396291673183441},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.42298081517219543},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3983156979084015},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.38991081714630127},{"id":"https://openalex.org/C28826006","wikidata":"https://www.wikidata.org/wiki/Q33521","display_name":"Applied mathematics","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C163258240","wikidata":"https://www.wikidata.org/wiki/Q25342","display_name":"Power (physics)","level":2,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0},{"id":"https://openalex.org/C171250308","wikidata":"https://www.wikidata.org/wiki/Q11468","display_name":"Nanotechnology","level":1,"score":0.0},{"id":"https://openalex.org/C192562407","wikidata":"https://www.wikidata.org/wiki/Q228736","display_name":"Materials science","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3492321.3519566","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3492321.3519566","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Seventeenth European Conference on Computer Systems","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/13","score":0.4300000071525574,"display_name":"Climate action"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W109302393","https://openalex.org/W1974648336","https://openalex.org/W1990249073","https://openalex.org/W2002432468","https://openalex.org/W2016210396","https://openalex.org/W2026453187","https://openalex.org/W2042506099","https://openalex.org/W2079054072","https://openalex.org/W2093606067","https://openalex.org/W2106846349","https://openalex.org/W2108832705","https://openalex.org/W2123983325","https://openalex.org/W2132870739","https://openalex.org/W2144182447","https://openalex.org/W2288292231","https://openalex.org/W2296719434","https://openalex.org/W2401686019","https://openalex.org/W2511709628","https://openalex.org/W2521054378","https://openalex.org/W2620661538","https://openalex.org/W2767094836","https://openalex.org/W2795948303","https://openalex.org/W2798032373","https://openalex.org/W2911964244","https://openalex.org/W2948517885","https://openalex.org/W2995067726","https://openalex.org/W2997591727","https://openalex.org/W3105931142","https://openalex.org/W3128928262","https://openalex.org/W4231521396"],"related_works":["https://openalex.org/W2806741695","https://openalex.org/W4290647774","https://openalex.org/W3189286258","https://openalex.org/W3207797160","https://openalex.org/W3210364259","https://openalex.org/W4300558037","https://openalex.org/W2667207928","https://openalex.org/W2912112202","https://openalex.org/W4377864969","https://openalex.org/W3120251014"],"abstract_inverted_index":{"Monitoring":[0],"the":[1,12,36,49,110,119,126,152,190],"health":[2,86],"of":[3,15,30,51,84,109,129,155,167,172,174],"large-scale":[4],"systems":[5,52],"requires":[6],"significant":[7],"manual":[8],"effort,":[9],"usually":[10],"through":[11],"continuous":[13],"curation":[14],"alerting":[16,187,193],"rules":[17],"based":[18],"on":[19,164],"keywords,":[20],"thresholds":[21],"and":[22,34,95,104,143,181],"regular":[23],"expressions,":[24],"which":[25,108],"might":[26],"generate":[27],"a":[28,79],"flood":[29],"mostly":[31],"irrelevant":[32],"alerts":[33,142],"obscure":[35],"actual":[37],"information":[38,139],"operators":[39],"would":[40],"like":[41],"to":[42,47,98,106,115,118],"see.":[43],"Existing":[44],"approaches":[45],"try":[46],"improve":[48],"observability":[50,150],"by":[53,136,170,196,200],"intelligently":[54],"detecting":[55],"anomalous":[56],"situations.":[57],"Such":[58],"solutions":[59],"surface":[60],"anomalies":[61,100,112],"that":[62,71,183],"are":[63,113],"statistically":[64],"significant,":[65],"but":[66],"may":[67],"not":[68],"represent":[69],"events":[70],"reliability":[72],"engineers":[73],"consider":[74],"relevant.":[75],"We":[76,146,158],"propose":[77],"ADEPTUS,":[78],"practical":[80],"approach":[81],"for":[82,133,149],"detection":[83],"relevant":[85,117],"issues":[87],"in":[88,151],"an":[89,160],"established":[90],"system.":[91],"ADEPTUS":[92,124,148,184],"combines":[93],"statistics":[94],"unsupervised":[96],"learning":[97,103,135],"detect":[99],"with":[101],"supervised":[102,134],"heuristics":[105],"determine":[107],"detected":[111],"likely":[114],"be":[116],"Site":[120],"Reliability":[121],"Engineers":[122],"(SREs).":[123],"overcomes":[125],"labor-intensive":[127],"prerequisite":[128],"obtaining":[130],"anomaly":[131],"labels":[132],"automatically":[137],"extracting":[138],"from":[140],"historic":[141],"incident":[144],"tickets.":[145],"leverage":[147],"network":[153,175],"infrastructure":[154],"IBM":[156],"Cloud.":[157],"perform":[159],"extensive":[161],"real-world":[162],"evaluation":[163],"10":[165],"months":[166],"logs":[168],"generated":[169],"tens":[171],"thousands":[173],"devices":[176],"across":[177],"11":[178],"data":[179],"centers":[180],"demonstrate":[182],"achieves":[185],"higher":[186],"accuracy":[188],"than":[189],"rule-based":[191],"log":[192],"solution,":[194],"curated":[195],"domain":[197],"experts,":[198],"used":[199],"SREs":[201],"daily.":[202]},"counts_by_year":[{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":1}],"updated_date":"2026-05-04T08:30:34.212998","created_date":"2025-10-10T00:00:00"}